informatica:linux:traefik
Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
informatica:linux:traefik [2022/06/03 18:24] – created javi | informatica:linux:traefik [2022/06/03 18:32] (current) – javi | ||
---|---|---|---|
Line 5: | Line 5: | ||
1. Get public IP address of server | 1. Get public IP address of server | ||
+ | < | ||
curl ifconfig.me | curl ifconfig.me | ||
- | 37.15.254.41 | + | 8.8.8.8 |
+ | </ | ||
2. Setup a DNS entry that points to that server | 2. Setup a DNS entry that points to that server | ||
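Review bot: the replacement output on the "+" side of step 1, 8.8.8.8, is a real public address and the same one step 2.1 queries as a resolver ("dig @8.8.8.8"), so the sanitized example reads as if the server were that resolver. An address from a documentation range such as 192.0.2.0/24 (RFC 5737) would avoid this. The earlier value also stays visible on the "-" side of this revision comparison, so editing the page alone does not remove it.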
Line 12: | Line 14: | ||
2.1. Check DNS name | 2.1. Check DNS name | ||
+ | < | ||
dig @8.8.8.8 test.javilegido.com +short | dig @8.8.8.8 test.javilegido.com +short | ||
- | 37.15.254.41 | + | 8.8.8.8 |
+ | </ | ||
3. Make sure ports TCP 80 and 443 are open | 3. Make sure ports TCP 80 and 443 are open | ||
- | WARNING: if behind LAN router remember to setup NAT | + | **WARNING**: if behind LAN router remember to setup NAT |
4. Generate certificate | 4. Generate certificate | ||
+ | < | ||
mkdir etc_letsencrypt | mkdir etc_letsencrypt | ||
docker run -it \ | docker run -it \ | ||
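Review bot: in step 2.1 the address in the dig output was replaced, but the queried name test.javilegido.com is left as is, so the redacted address can be recovered by running the same query. If the intent is to hide the host, swap the name for a placeholder such as test.example.com here and in the later steps that repeat it.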
Line 28: | Line 33: | ||
-p 80:80 \ | -p 80:80 \ | ||
certbot/ | certbot/ | ||
+ | </ | ||
+ | < | ||
1 | 1 | ||
- | javi@legido.com | + | javi@example.com |
Y | Y | ||
N | N | ||
test.javilegido.com | test.javilegido.com | ||
+ | </ | ||
- | ``` | + | < |
Requesting a certificate for test.javilegido.com | Requesting a certificate for test.javilegido.com | ||
Successfully received certificate. | Successfully received certificate. | ||
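Review bot: the answer block in step 4 (1, the e-mail address, Y, N, the domain) lists replies without the prompts they answer, so a reader cannot tell what is accepted with Y or declined with N. Adding the prompt text, or a short label per line, would keep the step usable if the order of the questions differs.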
Line 51: | Line 59: | ||
* Donating to EFF: https:// | * Donating to EFF: https:// | ||
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | ||
- | ``` | + | </ |
5. | 5. | ||
+ | < | ||
tree | tree | ||
+ | </ | ||
+ | < | ||
etc_letsencrypt/ | etc_letsencrypt/ | ||
├── accounts | ├── accounts | ||
Line 91: | Line 102: | ||
certbot | certbot | ||
+ | </ | ||
+ | < | ||
fullchain.pem => | fullchain.pem => | ||
privkey.pem => | privkey.pem => | ||
chain.pem => | chain.pem => | ||
+ | </ | ||
acme.json | acme.json | ||
+ | < | ||
" | " | ||
{ | { | ||
Line 107: | Line 122: | ||
" | " | ||
}, | }, | ||
+ | </ | ||
6. Deploy traefik with one example | 6. Deploy traefik with one example | ||
Line 114: | Line 130: | ||
6.1. | 6.1. | ||
+ | < | ||
vim docker-compose.yml | vim docker-compose.yml | ||
+ | </ | ||
Adjust: | Adjust: | ||
+ | < | ||
--certificatesresolvers.myresolver.acme.email | --certificatesresolvers.myresolver.acme.email | ||
traefik.http.routers.whoami.rule | traefik.http.routers.whoami.rule | ||
+ | </ | ||
- | NOTE: the challenge is listening in port 8080, so don't change it | + | **NOTE**: the challenge is listening in port 8080, so don't change it |
- | ``` | + | < |
version: " | version: " | ||
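Review bot: the NOTE in step 6.1 says the challenge listens on port 8080, while step 3 only asks for TCP 80 and 443 to be open. State whether 8080 is an internal port that needs no firewall or NAT rule, or whether it must be reachable from outside as well. Wording: "listening on port 8080".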
Line 139: | Line 159: | ||
- " | - " | ||
#- " | #- " | ||
- | - " | + | - " |
- " | - " | ||
ports: | ports: | ||
Line 156: | Line 176: | ||
- " | - " | ||
- " | - " | ||
- | ``` | + | </ |
6.2. Start | 6.2. Start | ||
+ | < | ||
docker-compose up -d | docker-compose up -d | ||
+ | </ | ||
+ | < | ||
docker logs -f traefik | docker logs -f traefik | ||
+ | </ | ||
- | ``` | + | < |
... | ... | ||
time=" | time=" | ||
time=" | time=" | ||
... | ... | ||
- | ``` | + | </ |
6.3. | 6.3. | ||
Line 175: | Line 199: | ||
(From another host) | (From another host) | ||
+ | < | ||
wget https:// | wget https:// | ||
+ | </ | ||
6.4. Stop | 6.4. Stop | ||
- | docker-compose down | + | < |
+ | sudo docker-compose down | ||
+ | </ | ||
6.5. Backup | 6.5. Backup | ||
+ | < | ||
sudo cp letsencrypt/ | sudo cp letsencrypt/ | ||
+ | </ | ||
7. Replace certs | 7. Replace certs | ||
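Review bot: step 6.4 now runs "sudo docker-compose down", but step 6.2 still starts the stack with "docker-compose up -d" and reads logs with "docker logs -f traefik" without sudo. Use one form throughout (step 8.3 already uses sudo), or say once at the top which user the commands are expected to run as.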
Line 189: | Line 219: | ||
7.1. Transform certbot certificates in strings | 7.1. Transform certbot certificates in strings | ||
+ | < | ||
sudo chown -R `whoami`: | sudo chown -R `whoami`: | ||
+ | </ | ||
+ | < | ||
_IN=etc_letsencrypt/ | _IN=etc_letsencrypt/ | ||
_OUT=traefik_certificate | _OUT=traefik_certificate | ||
cat $_IN | base64 | tr ' | cat $_IN | base64 | tr ' | ||
+ | </ | ||
+ | < | ||
_IN=etc_letsencrypt/ | _IN=etc_letsencrypt/ | ||
_OUT=traefik_key | _OUT=traefik_key | ||
cat $_IN | base64 | tr ' | cat $_IN | base64 | tr ' | ||
+ | </ | ||
7.2. Edit: | 7.2. Edit: | ||
+ | < | ||
sudo vim letsencrypt/ | sudo vim letsencrypt/ | ||
+ | </ | ||
And replace: | And replace: | ||
+ | < | ||
certificate: | certificate: | ||
key: | key: | ||
+ | </ | ||
- | WARNING: both files content differ, " | + | **WARNING**: both files content differ, " |
8. Test | 8. Test | ||
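Review bot: step 7.1 writes the base64 of the private key to a file named traefik_key in the working directory with default permissions, after "sudo chown -R `whoami`:" has changed ownership to the current user. Suggest setting umask 077 (or chmod 600 on the output files) before the conversion, and removing traefik_key and traefik_certificate once acme.json has been edited in step 7.2. Quoting "$_IN" and "$_OUT", and passing the input file to base64 directly instead of through cat, would also tidy the two commands.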
Line 214: | Line 254: | ||
8.1. Take MD5 of acme.json | 8.1. Take MD5 of acme.json | ||
+ | < | ||
sudo md5sum letsencrypt/ | sudo md5sum letsencrypt/ | ||
+ | </ | ||
+ | < | ||
ec151c804d1776d898b62b1b30691aeb | ec151c804d1776d898b62b1b30691aeb | ||
+ | </ | ||
8.2. Make file " | 8.2. Make file " | ||
+ | < | ||
vim docker-compose.yml | vim docker-compose.yml | ||
+ | </ | ||
And leave change only below line: | And leave change only below line: | ||
+ | < | ||
#- " | #- " | ||
- " | - " | ||
+ | </ | ||
8.3. Recreate | 8.3. Recreate | ||
+ | < | ||
sudo docker-compose up -d --force-recreate | sudo docker-compose up -d --force-recreate | ||
+ | </ | ||
8.4. Check MD5 of the file: | 8.4. Check MD5 of the file: | ||
+ | < | ||
sudo md5sum letsencrypt/ | sudo md5sum letsencrypt/ | ||
+ | </ | ||
+ | < | ||
ec151c804d1776d898b62b1b30691aeb | ec151c804d1776d898b62b1b30691aeb | ||
+ | </ | ||
Should be the same than step 8.1. | Should be the same than step 8.1. | ||
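Review bot: the check in steps 8.1 to 8.4 only shows that acme.json was not rewritten by the recreate; it does not show that the certificate being served is the one pasted in step 7.2. Consider extending step 8.5 to compare the served certificate's fingerprint or serial with the certbot fullchain.pem. Wording: "Should be the same as in step 8.1", and "And leave change only below line" in step 8.2 is hard to parse.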
Line 241: | Line 295: | ||
8.5. Test | 8.5. Test | ||
+ | < | ||
wget https:// | wget https:// | ||
+ | </ |
informatica/linux/traefik.1654280669.txt.gz · Last modified: 2022/06/03 18:24 by javi